[nginx] Changed ngx_chain_update_chains() to test tag first (ticket #2248).

Maxim Dounin mdounin at mdounin.ru
Sat Oct 30 01:37:42 UTC 2021

details:   https://hg.nginx.org/nginx/rev/c7a8bdf5af55
changeset: 7951:c7a8bdf5af55
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Sat Oct 30 02:39:19 2021 +0300
Changed ngx_chain_update_chains() to test tag first (ticket #2248).

Without this change, aio used with HTTP/2 can result in connection hang,
as observed with "aio threads; aio_write on;" and proxying (ticket #2248).

The problem is that HTTP/2 updates buffers outside of the output filters
(notably, marks them as sent), and then posts a write event to call
output filters.  If a filter does not call the next one for some reason
(for example, because of an AIO operation in progress), this might
result in a state when the owner of a buffer already called
ngx_chain_update_chains() and can reuse the buffer, while the same buffer
is still sitting in the busy chain of some other filter.

In the particular case a buffer was sitting in output chain's ctx->busy,
and was reused by event pipe.  Output chain's ctx->busy was permanently
blocked by it, and this resulted in connection hang.

Fix is to change ngx_chain_update_chains() to skip buffers from other
modules unconditionally, without trying to wait for these buffers to
become empty.


 src/core/ngx_buf.c |  8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diffs (24 lines):

diff -r e3dbd9449b14 -r c7a8bdf5af55 src/core/ngx_buf.c
--- a/src/core/ngx_buf.c	Fri Oct 29 20:21:57 2021 +0300
+++ b/src/core/ngx_buf.c	Sat Oct 30 02:39:19 2021 +0300
@@ -203,16 +203,16 @@ ngx_chain_update_chains(ngx_pool_t *p, n
     while (*busy) {
         cl = *busy;
-        if (ngx_buf_size(cl->buf) != 0) {
-            break;
-        }
         if (cl->buf->tag != tag) {
             *busy = cl->next;
             ngx_free_chain(p, cl);
+        if (ngx_buf_size(cl->buf) != 0) {
+            break;
+        }
         cl->buf->pos = cl->buf->start;
         cl->buf->last = cl->buf->start;
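Review bot: With the tag test moved above the ngx_buf_size() test, the `cl->buf->tag != tag` branch now unlinks the entry from busy and calls ngx_free_chain() on it even when the buffer still reports a non-zero size, and nothing in the code says that this is intended. The order of these two tests is now what prevents the hang described in the commit message, so a short comment above the tag test would keep a later cleanup from swapping them back. It could say that buffers from other modules are skipped unconditionally because their owner may already have reused them. It would also help to state in the description that no caller depends on the busy chain stopping at a non-empty buffer with a different tag.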

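The ordering problem described in the commit message, as an added example that is not nginx code: a simplified model of the busy-chain loop with the two tests in either order. The types `buf_t` and `chain_t`, the `tag_first` switch and the scenario values are assumptions made for illustration; the real function also appends the output chain to busy and resets buffer pointers.

```c
#include <stdio.h>

/* Simplified model, not nginx source: only the fields the loop inspects. */
typedef struct { int size; const void *tag; } buf_t;
typedef struct chain_s { buf_t *buf; struct chain_s *next; } chain_t;

/* tag_first = 0: size test before tag test (before the change)
 * tag_first = 1: tag test before size test (after the change)
 * Own empty buffers move to *free_list; links of foreign buffers are dropped.
 * Returns the number of links still in the busy chain. */
static int update_chains(chain_t **free_list, chain_t **busy,
                         const void *tag, int tag_first)
{
    chain_t *cl;
    int left = 0;

    while (*busy) {
        cl = *busy;
        if (!tag_first && cl->buf->size != 0) break;
        if (cl->buf->tag != tag) { *busy = cl->next; continue; }
        if (tag_first && cl->buf->size != 0) break;
        *busy = cl->next;
        cl->next = *free_list;
        *free_list = cl;
    }
    for (cl = *busy; cl; cl = cl->next) left++;
    return left;
}

/* Constructed scenario: the head of our busy chain is another module's
 * buffer that its owner has already reused (non-empty), followed by two
 * of our own buffers that are fully sent (empty). */
static int run_scenario(int tag_first, int *freed)
{
    static int our_tag, pipe_tag;          /* addresses serve as tags */
    buf_t reused = { 4096, &pipe_tag }, a = { 0, &our_tag }, b = { 0, &our_tag };
    chain_t c3 = { &b, NULL }, c2 = { &a, &c3 }, c1 = { &reused, &c2 };
    chain_t *busy = &c1, *free_list = NULL, *cl;
    int left = update_chains(&free_list, &busy, &our_tag, tag_first);

    for (*freed = 0, cl = free_list; cl; cl = cl->next) (*freed)++;
    return left;
}

int main(void)
{
    int freed, left = run_scenario(0, &freed);
    printf("size test first: busy=%d freed=%d\n", left, freed);
    left = run_scenario(1, &freed);
    printf("tag test first:  busy=%d freed=%d\n", left, freed);
    return 0;
}
```

With the size test first, the reused foreign buffer at the head keeps both of the caller's own empty buffers stuck in busy; with the tag test first, the foreign link is dropped and both are recycled.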